Cloud computing is rapidly changing the Internet into a collection of clouds, which provide a variety of computing resources, storage resources, and, in the future, a variety of resources that are currently unimagined.
At present, storage system architectures in a cloud storage environment are monolithic in nature. A tenant is a subscriber to some amount of storage in the cloud, or an application that owns part of the shared storage environment. All tenants have one view of the storage file system tree. A storage system treats the connected storage as global, and storage clients access their storage through storage service end points such as Network File System (NFS), Common Internet File System (CIFS) and Internet Small Computer System Interface (iSCSI). The critical architectural issue here is that the storage system sees the connected storage as one single file system tree. Even though each storage tenant has a unique end point at which its storage is accessed, each tenant processing environment in the storage system can access other tenants' file systems. This makes a tenant's storage vulnerable to security attacks and Denial-of-Service (DoS) attacks. Since the system has a global view of the storage, allocation of resources on the storage system, such as memory and CPU management, is not possible on a per-tenant basis. The service level assurance that the storage system can give for a tenant's storage service depends on how well the system resources (CPU, memory) are controlled on a per-tenant basis.
Current-generation storage systems attempt to partially solve the above-mentioned issues using Logical Unit Number (LUN)-Masking techniques. However, LUN-Masking does not completely solve the security issue (confidentiality of a tenant's data with respect to other tenants, and manipulation of tenant data by other clients). If the Host-Bus-Adapter (HBA) is compromised, any tenant can access and modify other tenants' data.